Terms and Conditions

1. DEFINITIONS

For the purposes of these Terms and Conditions, the following terms shall have the meanings assigned to them below.

1.1. Services

"Services" shall mean and include all cybersecurity-related services, consulting, advisory, technical support, digital tools, software solutions, reports, assessments, and professional engagements provided by Arica Tech Security LLP through the Platform or otherwise, including without limitation: Vulnerability Assessment and Penetration Testing (VAPT); Cybersecurity Audits and Security Assessments; Network Security Monitoring; Incident Response Advisory; Security Consulting and Advisory Services; Regulatory and Compliance Advisory; Threat Intelligence Services; Digital Forensics Advisory; Security Architecture Consulting; and any other cybersecurity services offered by the Company from time to time.

1.2. Platform

"Platform" shall mean the official website, web applications, digital portals, software interfaces, dashboards, systems, and any other online infrastructure owned, managed, or operated by Arica Tech Security LLP through which the Services, content, tools, reports, or other digital resources are made available to Users.

1.3. User, Client, or You

"User", "Client", or "You" shall mean any individual, organization, company, governmental body, institution, or other legal entity that accesses, browses, registers with, or uses the Platform or any Services provided by the Company.

1.4. User Data

"User Data" shall mean any data, information, files, content, credentials, logs, system configurations, network information, metadata, digital assets, or other materials that are provided, transmitted, uploaded, or otherwise made accessible to the Company by the User in connection with the use of the Services. User Data shall remain the property of the User unless otherwise agreed in writing.

1.5. Confidential Information

"Confidential Information" shall mean any proprietary, sensitive, technical, commercial, or business information disclosed by either party to the other in connection with the Services. Confidential Information shall not include information that is publicly available without breach of these Terms; was lawfully known to the receiving party prior to disclosure; is independently developed without use of the Confidential Information; or is required to be disclosed by law.

1.6. – 1.8. Company, Website, Applicable Laws

"Company" shall mean Arica Tech Security LLP, including its affiliates, partners, directors, employees, consultants, agents, contractors, and authorized representatives. "Website" means the official online website operated by Arica Tech Security LLP. "Applicable Laws" shall mean all laws, regulations, statutory provisions, regulatory guidelines, industry standards, and governmental directives applicable to the Services and the operation of the Platform, including but not limited to the Information Technology Act, 2000; the Digital Personal Data Protection Act, 2023; the GDPR; the CCPA; and other applicable international cybersecurity, privacy, and data protection laws.

2. ELIGIBILITY

Access to and use of the Platform and Services is limited to individuals and entities that possess the legal capacity to enter into binding agreements. The User represents and warrants that they are at least eighteen (18) years of age, possess full legal capacity and authority to enter into these Terms, and where acting on behalf of an entity, are duly authorized to bind such entity. The User agrees that their use of the Platform and Services shall not violate any applicable laws. The Company reserves the right to limit or prohibit access where such access may violate export control regulations, cybersecurity laws, or international sanctions, and to request additional information to verify eligibility.

3. SCOPE OF CYBERSECURITY SERVICES

Arica Tech Security LLP provides professional cybersecurity solutions, advisory services, technical assessments, and consulting services. The Services may include Security Assessments; Cyber Risk Analysis; Penetration Testing (with prior written authorization); Security Architecture Consulting; Compliance Assessments; Incident Investigation Support; and other cybersecurity-related services. The exact scope, methodology, duration, and deliverables may be defined in a separate Statement of Work, service agreement, or engagement letter. The User acknowledges that cybersecurity services do not guarantee complete protection against all cyber threats; assessments are point-in-time evaluations; and implementation of recommendations remains the sole responsibility of the Client unless otherwise agreed. The Company does not guarantee regulatory compliance; the Client remains solely responsible for ensuring compliance with applicable laws.

4. ACCEPTABLE USE POLICY

The Platform and Services are intended solely for legitimate cybersecurity assessment, consulting, advisory, and related professional purposes. Users shall not use the Platform or Services for: illegal hacking or unauthorized intrusion; cyber warfare or offensive cyber operations; malware creation or distribution; phishing or social engineering attacks; identity theft or impersonation; financial fraud or cyber fraud; unauthorized surveillance; violations of intellectual property rights; violation of cybersecurity or computer misuse laws; or unauthorized security testing. Where Services involve penetration testing, the User must ensure lawful authority and written authorization from the system owner. The Company reserves the right to monitor use, suspend or terminate access, and report prohibited conduct to authorities.

5. CLIENT RESPONSIBILITIES

The Client agrees to cooperate with Arica Tech Security LLP and provide accurate, complete, and lawful authorization for security testing. For penetration testing, the Client shall provide prior written authorization specifying systems, scope, time period, and limitations. The Client shall ensure third-party permissions and contractual compliance where systems are hosted by third parties; maintain backups and operational safeguards; comply with applicable laws and regulations; provide accurate and complete information; and cooperate during service delivery. The Company shall not be responsible for consequences arising from the Client's failure to obtain required approvals, maintain backups, or provide accurate information.

6. DATA PROTECTION AND PRIVACY

Arica Tech Security LLP is committed to processing personal data in a lawful, transparent, and secure manner in accordance with applicable data protection laws (including GDPR, DPDP Act 2023, CCPA). The Company may process personal identification information, technical system data, and other information necessary to deliver the Services. Processing is based on contractual necessity, legitimate interests, legal compliance, or consent. Data is retained only as long as necessary and is protected by appropriate technical and organizational measures. The Client represents that any personal data provided has been collected lawfully and with required consents. Data subject rights may be exercised by contacting the Company. Further details are in the Privacy Policy.

7. CROSS-BORDER DATA TRANSFERS

Where necessary, data may be transferred, accessed, or processed across international jurisdictions. The Company shall ensure such transfers comply with applicable frameworks (e.g. GDPR for EU data). The Client acknowledges and agrees that data may be transferred across national borders where reasonably necessary for the provision of the Services and that such transfers may involve jurisdictions whose data protection laws may differ from the Client's.

8. CONFIDENTIALITY

Both parties shall treat information disclosed in connection with the Services as confidential and use it solely for performing obligations under the applicable service engagement. Confidential Information may be disclosed only where necessary for performance (to authorized personnel bound by confidentiality), where required by law (with reasonable prior notice where permissible), or where the information has become publicly available without breach. Confidentiality obligations survive termination.

9. INTELLECTUAL PROPERTY RIGHTS

All intellectual property rights in the Platform, Services, tools, materials, and deliverables remain the exclusive property of the Company or its licensors. The Company grants the Client a limited, non-exclusive, non-transferable, revocable license to use reports and deliverables solely for reviewing findings, implementing recommendations, and improving internal security. The Client shall not reproduce, distribute, modify, or reverse engineer the Company's proprietary materials without express authorization. The Client retains ownership of User Data and systems provided to the Company. Feedback may be used by the Company to improve its products without obligation to compensate the Client.

10. EXPORT CONTROL COMPLIANCE

The User agrees to comply with all applicable export control laws and regulations. Users shall not export, transfer, or re-export the Company's tools, software, or technical data to sanctioned countries, restricted parties, or for unlawful cyber activities. Access may be restricted in jurisdictions subject to sanctions or export restrictions. The User represents that they are not located in a sanctioned jurisdiction, not on a restricted party list, and will not use the Services in violation of export control laws.

11. INCIDENT RESPONSE DISCLAIMER

The cybersecurity services are primarily advisory and analytical. The Company does not operate or control the Client's systems unless agreed under a separate managed services agreement. The Company does not guarantee the prevention, detection, or elimination of all cybersecurity risks. To the fullest extent permitted by law, the Company shall not be liable for cyber incidents arising from circumstances beyond its reasonable control (e.g. zero-day vulnerabilities, third-party attacks, infrastructure failures, system changes after assessment, insider threats). Implementation of recommendations remains the Client's responsibility. The Company's recommendations do not constitute legal advice and do not guarantee regulatory compliance.

12. DISCLAIMER OF WARRANTIES

The Platform and Services are offered on an "AS IS" and "AS AVAILABLE" basis, without warranties of any kind. The Company disclaims all implied warranties including merchantability, fitness for a particular purpose, uninterrupted availability, and error-free operation. The Company does not warrant that the Services will identify all vulnerabilities, prevent all cyber-attacks, or eliminate all security risks. The Company does not warrant third-party systems. Recommendations are for informational and advisory purposes only.

13. LIMITATION OF LIABILITY

To the maximum extent permitted by law, Arica Tech Security LLP shall not be liable for any direct, indirect, incidental, special, consequential, or punitive damages arising from the use of the Platform or Services. The Company shall not be liable for indirect or consequential damages, loss of data, loss of revenue or profits, business interruption, cyber-attacks, security incidents after assessment, or acts of third parties. The total aggregate liability of the Company shall not exceed the total fees actually paid by the Client for the specific service engagement giving rise to the claim. These limitations reflect a reasonable allocation of risk and form an essential basis of the agreement.

14. INDEMNIFICATION

The Client agrees to indemnify, defend, and hold harmless Arica Tech Security LLP from and against any claims, damages, liabilities, losses, costs, and expenses (including reasonable legal fees) arising from: misuse of tools or services; unauthorized security testing; violation or infringement of third-party rights; or breach of applicable laws by the Client. The Client represents that it has obtained all necessary permissions and authorizations for the Company to perform the requested services. The indemnification obligations survive termination.

15. THIRD-PARTY SERVICES

The Platform and Services may incorporate or rely upon third-party technologies, tools, or service providers. The Company does not own or control such third-party systems and makes no representations regarding their reliability, availability, security, or performance. Use of third-party services may be subject to separate terms; the Company shall not be responsible for obligations under third-party agreements. Any interaction with third-party tools or external links is at the User's own risk.

16. TERMINATION

The Company reserves the right to suspend, restrict, or terminate access to the Platform or Services where the Company reasonably believes a User has violated these Terms or engaged in conduct posing legal, operational, or security risks. Grounds for termination include misuse of services, unlawful or fraudulent activity, failure to pay fees, material breach of Terms, or failure to provide required authorizations. Upon termination, the User's right to access shall cease and licenses shall terminate. Outstanding obligations (payment, confidentiality, indemnification, limitation of liability) survive termination.

17. GOVERNING LAW

These Terms and any disputes arising out of or relating to the Platform or Services shall be governed by and construed in accordance with the laws of India, without regard to conflict of law principles. The application of the CISG is excluded. Where services are delivered to Clients outside India, the Company shall endeavor to operate consistently with applicable international regulatory frameworks. Users outside India are responsible for ensuring their use complies with local laws. The courts located in Pune, Maharashtra, India shall have exclusive jurisdiction over enforcement of arbitration awards, interim relief, or non-arbitrable disputes.

18. DISPUTE RESOLUTION

The parties shall first attempt to resolve disputes through good faith negotiations. If the dispute cannot be resolved amicably within a reasonable period, it shall be finally resolved by arbitration in accordance with the Arbitration and Conciliation Act, 1996. The arbitration shall be conducted by a sole arbitrator mutually appointed by the parties; the seat and venue shall be Pune, Maharashtra, India; the language shall be English; and the arbitrator's decision shall be final and binding. Either party may seek interim or injunctive relief from a competent court where necessary to protect intellectual property or confidential information. Unless otherwise determined by the arbitrator, costs of arbitration shall be borne in accordance with the award.

19. FORCE MAJEURE

The Company shall not be liable for any failure or delay in performance resulting from Force Majeure Events (events beyond its reasonable control), including cyber warfare or large-scale cyber-attacks, governmental actions or regulatory restrictions, natural disasters, internet or network disruptions, infrastructure failures, labor disputes, or other public emergencies. The Company's obligations shall be suspended for the duration of the Force Majeure Event to the extent it prevents performance. The Company shall make reasonable efforts to resume performance as soon as practicable and may take commercially reasonable steps to mitigate impact.

20. MODIFICATIONS TO TERMS

The Company reserves the right to modify, amend, update, or replace these Terms at any time. Where material changes are made, the Company shall make reasonable efforts to notify Users by publishing the updated Terms on the website with the effective date. Continued access to or use of the Platform or Services following publication of revised Terms shall constitute acceptance. The most recent version published on the Platform shall govern unless otherwise specified in a written agreement between the Company and the Client.

21. CONTACT INFORMATION